Post navigation

As a believer in the importance of open creativity and a growing culture of creation (read any Lawrence Lessig for insight into this perspective) I want to see as little restriction on the use of other people’s work as possible.

However, as a writer and creative who wants to maximize the financial value of any given piece of creativity, I can appreciate the need for copyright protections.

The crux of the problem is that real copyright protection costs money, which means that the actual protections of copyright are usually given to the rich or corporations, rather than to the creative (but often poor) people who need them most. I’m a writer, so let’s look at it from that perspective. Everything I’ve ever written is copyright, just by having been created–that’s the basic of the law. BUT, if I want to sue somebody who steals something I’ve written (but not published in a separately copyrighted book or publication), the best I’ll do if I win is get them to STOP stealing it. Getting back the damages (lost profits or their profits) is nearly impossible. And legal fees…fogetaboutit.

Of course, if you actually register your copyright (costs $35 and can take up to a year to be granted) then the situation changes. With a Registered Copyright, you can sue an infringer and you are eligible for an additional (and incredibly important) benefit. The owner of a Registered Copyright can sue and if they win can be awarded their (reasonable) legal fees. Yes, you heard that right. Even if the copyright owner only gets awarded the $1 they can prove they lost to the infringer, the infringer may have to pay the lawyer $1000, $5000 or more in legal fees, not to mention their OWN lawyer’s fees.

Bottom line: You can’t recover much and will never get a lawyer to work with you (without prepaying a retainer) if you’re trying to stop infringement on a non-registered copyright, but you probably CAN get a lawyer (possibly even on a “contingency” plan where they only get paid if you win, but not if you don’t) if you are suing somebody who has infringed on a Registered Copyright.

So, since my work Everything I Know in Life, I Learned from the Theater is designed to be a fundraiser for non-profit theater groups, I decided that it would be the one thing I have created that I would actually obtain a Registered Copyright for it (Txu-1-096-467). I figured, since it was “just words” it would be a good idea to protect it, so that it could earn as much for those who need it (children’s theater groups, high school theater departments, regional non-profit theater productions, etc.) as possible.

If you are a non-profit and want to use the poster to raise money, you just have to ask: I’ve never said no. If you want to own the words, I suggest you buy a poster. Just ask, and I’ll direct you to where. If you steal it, I will get a lawyer who wants to rack up some hours to sue you, and they will make a lot of money. I won’t make much, but it will deter others from taking money away from theater programs that need it, so I won’t hesitate. THAT is how copyright works.

It’s also why EiK is the only thing I’ve actually registered a copyright for. Everything else I’ve written, I figure I’ll have to make money on the hard way–by actually producing or selling it.

Since it was “announced” today (more on that later) the eBay hack and how eBay has handled it has been compared to one of the bigger recent credentials hacks–the Target incident. In some ways, it’s similar, but in other ways, eBay’s handling of their recent network breech is far, far worse and a much bigger #FAIL. Let me explain.

Target’s network was breached last year, and POS debit card transaction information from a specific period was acquired by the culprits. This was a giant #FAIL and the people responsible for securing Target’s data were (eventually) disposed of, and even Target’s CEO finally had to step down as a result of the debacle. Target’s failure to communicate to the public about this breech can be somewhat attributed to a “what do we say?” problem, though in the end, the basic statement was “if you shopped at Target between November 27 to December 15, 2013, you need to check for fraud and change your PIN for whatever debit card you used and any other card that uses that same PIN.” Not a fun story to tell, but not impossible.

eBay had a bigger problem, but really had an easier solution at their fingertips, THAT THEY FAILED TO USE. eBay had network access credentials compromised, which was a big deal. However, not necessarily one that you would report to the public or your customers, ESPECIALLY, if you were positive that you would be able to notice and track any use of those stolen credentials, which APPEARED to be the case.

When eBay knew that those credentials HAD been used, and that access to customer information (as many as 120Million+ user accounts) HAD been compromised, they had an obligation to IMMEDIATELY INFORM THEIR CUSTOMERS. Now, here’s where things went wrong.

eBay didn’t want to make a PUBLIC announcement at that point, and they had a very good reason. Of those 120M+ members, a lot of them are DUMB. How dumb? Dumb enough that, after hearing a news report on Faux News or CNN about eBay being hacked, and then getting an “email from eBay” about having to change their password, they would click on the link in that email and enter any information asked for. That is dumb. It’s called phishing, and it’s done to eBay users ALL the time, and I suspect that at least .001% of the recipients probably fall for it. That would mean that if eBay just “went public” they might cause thousands, tens of thousands, or even a hundred thousand of their members to experience full-scale identity theft, as well as loss of their eBay password, and not even to the original culprits, but just to fast-acting scam artists.

No, an uncontrolled release of this information without proper explanation would NOT be the best course of action.

However, eBay has a very good tool for reaching their ACTIVE MEMBERS. Immediately after logging in to eBay, there will often be an intercine screen that will appear. It can’t be clicked off of without hitting a new button, and eBay can completely control the content of that screen and where the button you click takes you. It’s AFTER you’ve already entered your eBay credentials, so it’s obviously a screen where the content was created by eBay, and not a hack or a scam. eBay doesn’t hesitate to use this method when they want to SELL their active members something, presenting it EVERY time, even when the member has ignored it and quickly moved on.

eBay SHOULD have used that intercine approach. They SHOULD have put up a notice that basically said the following:

Bad News & Good News

The bad news is that eBay’s security was compromised and some evildoers MAY have gotten access to your account information. We want you to change it right now, and we’re not going to let you do ANYTHING else until you do. You’ll have to re-enter your login and then a new password, and then everything will be OK. (Though, if you use that password for any other accounts elsewhere, you might want to go change it there as well.)

The good news is that you’re doing this now, and everything should be OK after this. We’re sorry this happened, but we appreciate you doing this right now to secure your information. We’re on the trail of the bad guys, and as soon as we find them, well, it won’t be suitable for family viewing. We’re sorry, and we’ll be redoubling our security to make sure nothing like this ever happens again.

If, for any reason, you think your account might have been accessed already, click here.

That’s it. That would have done it. As ACTIVE members logged in, they would get the message.

Now, what about the INACTIVE members of eBay? Their credentials might also be compromised. Well, eBay could send out an email (WITHOUT ANY LINKS IN IT) to EVERY SINGLE MEMBER, telling members that they need to come to eBay and LOG IN right away. Not necessarily give any reason, if they don’t want to.

Or, if they are worried about response rates, they can even offer every member a chance in a drawing for one hundred prizes of $1,000,000 each if they log in to their account within 24 hours. (Please, don’t even START on how $100,000,000 is a lot to pay–this is going to cost eBay TEN times that before it’s over.)

THEN, once they have a large enough number, they could go public and explain that eBay members should get to their accounts DIRECTLY (not from a link) and deal with the issue and then give the same mea culpas.

THIS SHOULD NOT HAVE BEEN BROKEN BY A NEWS SOURCE BECAUSE SOMEBODY AT PAYPAL STARTED TO BLOG ABOUT IT. This should have been PROACTIVELY announced by the company.

This was a major fail by a company that is already feeling a lot of heat from Amazon and may soon feel even more heat from Google and Facebook in the e-com space.